The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
vBulletin very easy to hack?
What's going on here...?
In the last few days hackers have partied a lot with vBulletin forums: ***link removed*** I don't care about their reasons, but the fact that he can hack a few vBulletin forums easily made me think... how weak security is in vBulletin. The situation is the fact. Any opinion...? Or providing a security patch...?
#2
As weak as the owner/installer/admin makes it.
#3
Oh really...? Are you sure...? I don't think so.
These hackers are clearly using the bugs in the system; don't always blame the owner/installer/admin. The story will be different if security patches are always updated.
#4
How do you know how it's being done?
2 thanks from: Amaury, Max Taxable
#5
Quote:
There's not any web pages that don't have some kind of exploit in them, vBulletin's not alone there.
Quote:
3 thanks from: Amaury, doctorsexy, OldSchoolDSL
#6
It isn't. There are no known exploits at this time.
What facts? Do you have solid proof of how they were hacked? No? Then you have no "facts".
2 thanks from: OldSchoolDSL, TTayfun
#7
Agreed with Paul.

My 2 cents. You are always at risk of something bad happening. That is the risk you take. You mitigate risk by backing up/testing backups and doing your utmost to secure your site AND your server. Some of these hacks could have been done at the server level, not just software. You just don't know. Every major hosting provider has had successful attacks. You learn, adapt and move on.

In the case with IQ69, I found on their Twitter feed that the group that hacked them is claiming to have all 50GB of their data. To get that kind of access you need console access. No one can sqldump 50GB from the phpMyAdmin interface. Plus the files etc. are not just available because you have an admin password. They have FTP access too.

a. NONE of your logins and passwords should be the same. If your FTP, cPanel, root, forum and other admin logins are all the same then you are screwing yourself.
b. Use secure server software with a provider that has the latest updates. cPanel etc.
c. BACKUP!!!!!
d. BACKUP off site!!!!

Hope this helps,
-Jason Edwards, CISSP

--------------- Added [DATE]1354978181[/DATE] at [TIME]1354978181[/TIME] ---------------

Secondly, use a firewall or proxy service. Some attacks can be foiled by a good proxy. I use Cloudflare and have found it to be useful. Does require some tooling to get some vBulletin mods to work but it has blocked massive amounts of malicious IP traffic from ever reaching my site. It can also cache and do other improvements as well that will speed up your site.
#8
vBulletin has nothing to do with exploits. It's server side. I remember reading it somewhere.
#9
Can we have some content-wise discussion about the subject? Because the thing would be interesting if there were some facts, code or something.
My humble guess also would be that you're posting a link to your own Twitter profile, Pablo, to make it more popular since you have 0 posts here; otherwise I don't understand why someone suddenly came here, registered and posted this.
#10
There can be some exploits installed via bad skins for example, and some aftermarket mods leave security holes and cause risk. An "exploit" is any entry point for everything from script kiddies to hardcore black hat hackers.